Extreme use of our webservers during online application season requires
we set the /proc/sys/net/ipv4/ip_conntrack_max very high (= 65536). I
tried to make this setting persistant between reboots by means of
/etc/sysctl.conf and boot.sysctl init script. But each reboot left
ip_conntrack_max = 16384.
After much hair-pulling, I finally discoverd the script
/sbin/SuSEfirewall2 contains the line:
echo 16384 > /proc/sys/net/ipv4/ip_conntrack_max
It think this is bad bad bad. Perhaps this should be a variable
controlled by yast or some file in /etc/sysconfig. But this should not
be hard-coded into the script. I don't see this in SL9.3 or SLES10. I
have altered this line in /sbin/SuSEfirewall2 to get the
ip_conntrack_max value I need, but what will happen after next update to
I realize SL9.1 is out of maintenace, so this is essencially a SLES9
issue. If you think it best, I will contact SLES support instead and
let this list rest.
Did you try poking at it with a stick?
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email] Security-related bug reports go to [hidden email], not here